It's not hard to think of ways to outsmart Stingray-detector apps

A group of researchers from Oxford and TU Berlin will present their paper, "White-Stingray: Evaluating IMSI Catchers Detection Applications," at the Usenix Workshop on Offensive Technologies, demonstrating countermeasures that Stingray vendors could use to beat apps that detect Stingrays and other "cell-site simulators" (AKA IMSI catchers).

Stingrays, Dirtboxes and other IMSI catchers are fake cellular towers that trick phones into connecting to them, enabling attackers to identify people, break into their phones, and steal their data.

Free apps like SnoopSnitch, Cell Spy Catcher, GSM Spy Finder, Darshak, and AIMSICD detect common tactics used by IMSI catchers to alert users when their phones are being targeted.

The Oxford/TU Berlin team built an IMSI catcher from scratch that they called the "White Stingray," and used different -- but equally effective -- attacks on target phones that the apps couldn't detect.

One of the app creators says that the countermeasures are wholly theoretical and that his app will still reliably detect real-world cell-site simulators. Johns Hopkins security researcher Matt Green also points out that many cell-site simulators are operated by low-expertise local law enforcement, and that even if the companies behind the simulators update their products, the cops who use those products might not ever run the updates.

The team set up their makeshift stingray in a room-sized Faraday cage, to prevent it from accidentally intercepting the phone signals of anyone outside the room. Upon pitting each app against their surveillance tool, they found that each one looked for clues of only a few of the techniques a fake cell tower system might use to track or tap a phone. The apps could detect some hints that the phone was under stingray surveillance. They alerted the user, for instance, when White-Stingray downgraded the phone’s connection to a 2G signal to exploit the older protocol’s weaker security, as well as when it established a connection between the "cell tower" and the phone that lacked encryption. They could also tell when the stingray sent “silent” text messages, which ping the phone to determine its presence without displaying anything to the user, and that the fake tower didn’t exist on previous cell tower maps.

But the researchers simply switched to other methods that only a subset—or in some cases none—of the apps could detect. The White-Stingray used a different command to downgrade the phone's connection to 2G, which neither triggered the detection apps nor appeared on the phone's interface. Rather than send a silent text message, it would make a silent call that connected to the target phone, determine its IMSI, and hang up before the phone rang. It surveyed nearby cell towers, and then imitated their configurations to avoid looking 'new'. And it also deployed another trick that the apps didn't try to detect: It prompted the phone to transmit a list of all the other nearby towers, and the strength of each tower's signal, allowing a snoop to triangulate the phone's exact location. "They don't try to identify this method at all," Borgaonkar says of that last technique.
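
The four indicators the apps alerted on, and the coverage gap described above, modelled as an added Python example (not code from the apps, the paper or this post). The event layout, the `kind` names and the tower values are constructed; A5/0 (the GSM null cipher) and TP-PID 0x40 (Short Message Type 0) are the standard GSM values. The alternate 2G downgrade command is left out because the text does not say what it was.

```python
# Constructed model: event layout and "kind" names are assumptions for this example.
KNOWN_CELLS = {("001", "01", 4021, 1177)}   # (MCC, MNC, LAC, CID) tower map, constructed
RAT_RANK = {"2G": 2, "3G": 3, "4G": 4}

def detect(events, known_cells=KNOWN_CELLS):
    """Return (alerts, unexamined_kinds) for a list of baseband event dicts."""
    alerts, unexamined, prev_rat = [], set(), None
    for i, ev in enumerate(events):
        kind = ev["kind"]
        if kind == "serving_cell":
            cell = (ev["mcc"], ev["mnc"], ev["lac"], ev["cid"])
            if cell not in known_cells:
                alerts.append((i, "tower not on known cell map"))
            if prev_rat and ev["rat"] == "2G" and RAT_RANK[prev_rat] > 2:
                alerts.append((i, f"downgrade {prev_rat} -> 2G"))
            prev_rat = ev["rat"]
        elif kind == "cipher_mode":
            if ev["algorithm"] == "A5/0":          # GSM null cipher: no encryption
                alerts.append((i, "connection without encryption"))
        elif kind == "sms":
            if ev["tp_pid"] == 0x40:               # Short Message Type 0 ("silent" SMS)
                alerts.append((i, "silent SMS"))
        else:
            unexamined.add(kind)                   # no rule ever looks at this event
    return alerts, sorted(unexamined)

REAL = {"mcc": "001", "mnc": "01", "lac": 4021, "cid": 1177}

# Constructed trace 1: the behaviours the apps alerted on.
TRACE_DETECTED = [
    {"kind": "serving_cell", "rat": "4G", **REAL},
    {"kind": "serving_cell", "rat": "2G", **REAL, "cid": 9999},
    {"kind": "cipher_mode", "algorithm": "A5/0"},
    {"kind": "sms", "tp_pid": 0x40},
]
# Constructed trace 2: tower identity copied from a mapped cell, a call dropped
# before ringing, and a request for neighbour-cell measurements.
TRACE_MISSED = [
    {"kind": "serving_cell", "rat": "2G", **REAL},
    {"kind": "cipher_mode", "algorithm": "A5/1"},
    {"kind": "call_setup", "released_before_ringing": True},
    {"kind": "measurement_request", "report": "neighbour cells"},
]

if __name__ == "__main__":
    for name, trace in (("detected", TRACE_DETECTED), ("missed", TRACE_MISSED)):
        print(name, detect(trace))
```

The second return value lists the event kinds that no rule examined, which is where a detector author would look first when auditing coverage.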
